
[Security] Can TCP handshake be blocked by ROS firewall?

Posted: Sat Dec 12, 2015 1:40 am
by kiler129
Hi!
Reading through security blogs, I found a rather interesting article regarding current-generation firewalls. Since ROS is equipped with a stateful firewall, it may also be vulnerable.
The article is published at http://www.cynet.com/blog/, but looking at the link it may change, so I made a screenshot: http://i.imgur.com/WN98i5F.png

Could someone from MikroTik comment on that?

Re: [Security] Can TCP handshake be blocked by ROS firewall?

Posted: Sat Dec 12, 2015 3:39 am
by chechito
Maybe a regexp on an L7 filter can catch it?

In theory, when a connection is blocked the SYN does not even pass?

I think it only affects next-gen UTM firewalls that perform app ID, of course, when connections are allowed.

Re: [Security] Can TCP handshake be blocked by ROS firewall?

Posted: Sat Dec 12, 2015 2:55 pm
by pe1chl
Of course when you have an IP Firewall rule that blocks establishment of TCP sessions to some specific port (or to all ports except some specific ones), you are not vulnerable to such attacks.
I have not seen a firewall that works like the one they describe (that allows all connections initially), but maybe they exist.
Maybe they are factory-default setups that a normal operator would always modify.